test: ulog

author: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2017-11-01 10:16:52 +0200
committer: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> 2017-11-01 12:05:30 +0200
commit: 54642b8230451b8bb5daf497332940cacdaae620 (patch)
tree: ef9566293f60faa528f09838ce97e6309320d9ef /test/output/tproxy/dump
parent: c5056f215d1a2aef5581bcf6213ae9eb7f984291 (diff)
download: awall-54642b8230451b8bb5daf497332940cacdaae620.tar.bz2
awall-54642b8230451b8bb5daf497332940cacdaae620.tar.xz
1 files changed, 70 insertions, 4 deletions
diff --git a/test/output/tproxy/dump b/test/output/tproxy/dump
index b3b4f89..5dcdb32 100644
--- a/test/output/tproxy/dump
+++ b/test/output/tproxy/dump
@@ -130,7 +130,42 @@ Filter 12                   {"action":"pass","log":"none"}
   inet6/filter/INPUT        
   inet6/filter/OUTPUT       
 
-Filter 13                   {"in":["_fw","A"]}
+Filter 13                   {"log":"ulog"}
+(log)                       
+  inet/filter/FORWARD       -j logaccept-1
+  inet/filter/INPUT         -j logaccept-1
+  inet/filter/OUTPUT        -j logaccept-1
+  inet/filter/logaccept-1   -m limit --limit 12/minute -j ULOG
+  inet/filter/logaccept-1   -j ACCEPT
+  inet6/filter/FORWARD      -j logaccept-1
+  inet6/filter/INPUT        -j logaccept-1
+  inet6/filter/OUTPUT       -j logaccept-1
+  inet6/filter/logaccept-1  -j ACCEPT
+
+Filter 14                   {"action":"drop","log":"ulog"}
+(log)                       
+  inet/filter/FORWARD       -j logdrop-2
+  inet/filter/INPUT         -j logdrop-2
+  inet/filter/OUTPUT        -j logdrop-2
+  inet/filter/logdrop-2     -m limit --limit 12/minute -j ULOG
+  inet/filter/logdrop-2     -j DROP
+  inet6/filter/FORWARD      -j logdrop-2
+  inet6/filter/INPUT        -j logdrop-2
+  inet6/filter/OUTPUT       -j logdrop-2
+  inet6/filter/logdrop-2    -j DROP
+
+Filter 15                   {"action":"pass","log":"ulog"}
+(log)                       
+  inet/filter/FORWARD       -j logpass-1
+  inet/filter/INPUT         -j logpass-1
+  inet/filter/OUTPUT        -j logpass-1
+  inet/filter/logpass-1     -m limit --limit 12/minute -j ULOG
+
+Filter 16                   {"action":"pass","in":"_fw","log":"ulog"}
+(log)                       
+  inet/filter/OUTPUT        -m limit --limit 12/minute -j ULOG
+
+Filter 17                   {"in":["_fw","A"]}
 (zone)                      
   inet/filter/FORWARD       -i eth0 -j ACCEPT
   inet/filter/INPUT         -i eth0 -j ACCEPT
@@ -139,12 +174,12 @@ Filter 13                   {"in":["_fw","A"]}
   inet6/filter/INPUT        -i eth0 -j ACCEPT
   inet6/filter/OUTPUT       -j ACCEPT
 
-Filter 14                   {"in":"B","out":"C"}
+Filter 18                   {"in":"B","out":"C"}
 (zone)                      
   inet/filter/FORWARD       -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT
   inet/filter/FORWARD       -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT
 
-Filter 15                   {"out":["_fw","B"]}
+Filter 19                   {"out":["_fw","B"]}
 (zone)                      
   inet/filter/FORWARD       -o eth1 -d 10.0.0.0/12 -j ACCEPT
   inet/filter/INPUT         -j ACCEPT
@@ -153,7 +188,7 @@ Filter 15                   {"out":["_fw","B"]}
   inet6/filter/INPUT        -j ACCEPT
   inet6/filter/OUTPUT       -o eth1 -d fc00::/7 -j ACCEPT
 
-Filter 16                   {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]}
+Filter 20                   {"in":["A","B","C","D","E"],"out":["A","B","C","D","E"]}
 (zone)                      
   inet/filter/FORWARD       -i eth0 -o eth1 -d 10.0.0.0/12 -j ACCEPT
   inet/filter/FORWARD       -i eth0 -o eth2 -d 10.1.0.0/12 -j ACCEPT
@@ -245,6 +280,9 @@ Log _default  {"limit":1}
 Log none      {"mode":"none"}
 (log)         
 
+Log ulog      {"limit":{"interval":5},"mode":"ulog"}
+(log)         
+
 
 Mark 1                      {"in":["_fw","A"],"mark":1}
 (zone)                      
@@ -505,9 +543,12 @@ hash:net family inet
 :OUTPUT DROP [0:0]
 :icmp-routing - [0:0]
 :logaccept-0 - [0:0]
+:logaccept-1 - [0:0]
 :logdrop-0 - [0:0]
 :logdrop-1 - [0:0]
+:logdrop-2 - [0:0]
 :logpass-0 - [0:0]
+:logpass-1 - [0:0]
 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A FORWARD -j ACCEPT
 -A FORWARD -j logdrop-0
@@ -521,6 +562,9 @@ hash:net family inet
 -A FORWARD -j ACCEPT
 -A FORWARD -j DROP
 -A FORWARD 
+-A FORWARD -j logaccept-1
+-A FORWARD -j logdrop-2
+-A FORWARD -j logpass-1
 -A FORWARD -i eth0 -j ACCEPT
 -A FORWARD -i eth1 -s 10.0.0.0/12 -o eth2 -d 10.1.0.0/12 -j ACCEPT
 -A FORWARD -i eth1 -s 10.0.0.0/12 -o eth3 -d 10.1.0.0/12 -j ACCEPT
@@ -585,6 +629,9 @@ hash:net family inet
 -A INPUT -j ACCEPT
 -A INPUT -j DROP
 -A INPUT 
+-A INPUT -j logaccept-1
+-A INPUT -j logdrop-2
+-A INPUT -j logpass-1
 -A INPUT -i eth0 -j ACCEPT
 -A INPUT -j ACCEPT
 -A INPUT -p icmp -j icmp-routing
@@ -602,6 +649,10 @@ hash:net family inet
 -A OUTPUT -j ACCEPT
 -A OUTPUT -j DROP
 -A OUTPUT 
+-A OUTPUT -j logaccept-1
+-A OUTPUT -j logdrop-2
+-A OUTPUT -j logpass-1
+-A OUTPUT -m limit --limit 12/minute -j ULOG
 -A OUTPUT -j ACCEPT
 -A OUTPUT -o eth1 -d 10.0.0.0/12 -j ACCEPT
 -A OUTPUT -p icmp -j icmp-routing
@@ -610,11 +661,16 @@ hash:net family inet
 -A icmp-routing -p icmp --icmp-type 12 -j ACCEPT
 -A logaccept-0 -m limit --limit 1/second -j LOG
 -A logaccept-0 -j ACCEPT
+-A logaccept-1 -m limit --limit 12/minute -j ULOG
+-A logaccept-1 -j ACCEPT
 -A logdrop-0 -m limit --limit 1/second -j LOG
 -A logdrop-0 -j DROP
 -A logdrop-1 -m limit --limit 1/second -j LOG
 -A logdrop-1 -j DROP
+-A logdrop-2 -m limit --limit 12/minute -j ULOG
+-A logdrop-2 -j DROP
 -A logpass-0 -m limit --limit 1/second -j LOG
+-A logpass-1 -m limit --limit 12/minute -j ULOG
 COMMIT
 *mangle
 :FORWARD ACCEPT [0:0]
@@ -664,8 +720,10 @@ COMMIT
 :OUTPUT DROP [0:0]
 :icmp-routing - [0:0]
 :logaccept-0 - [0:0]
+:logaccept-1 - [0:0]
 :logdrop-0 - [0:0]
 :logdrop-1 - [0:0]
+:logdrop-2 - [0:0]
 :logpass-0 - [0:0]
 -A FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
 -A FORWARD -j ACCEPT
@@ -680,6 +738,8 @@ COMMIT
 -A FORWARD -j ACCEPT
 -A FORWARD -j DROP
 -A FORWARD 
+-A FORWARD -j logaccept-1
+-A FORWARD -j logdrop-2
 -A FORWARD -i eth0 -j ACCEPT
 -A FORWARD -o eth1 -d fc00::/7 -j ACCEPT
 -A FORWARD -i eth0 -o eth1 -d fc00::/7 -j ACCEPT
@@ -720,6 +780,8 @@ COMMIT
 -A INPUT -j ACCEPT
 -A INPUT -j DROP
 -A INPUT 
+-A INPUT -j logaccept-1
+-A INPUT -j logdrop-2
 -A INPUT -i eth0 -j ACCEPT
 -A INPUT -j ACCEPT
 -A INPUT -p icmpv6 -j ACCEPT
@@ -737,6 +799,8 @@ COMMIT
 -A OUTPUT -j ACCEPT
 -A OUTPUT -j DROP
 -A OUTPUT 
+-A OUTPUT -j logaccept-1
+-A OUTPUT -j logdrop-2
 -A OUTPUT -j ACCEPT
 -A OUTPUT -o eth1 -d fc00::/7 -j ACCEPT
 -A OUTPUT -p icmpv6 -j ACCEPT
@@ -746,10 +810,12 @@ COMMIT
 -A icmp-routing -p icmpv6 --icmpv6-type 4 -j ACCEPT
 -A logaccept-0 -m limit --limit 1/second -j LOG
 -A logaccept-0 -j ACCEPT
+-A logaccept-1 -j ACCEPT
 -A logdrop-0 -m limit --limit 1/second -j LOG
 -A logdrop-0 -j DROP
 -A logdrop-1 -m limit --limit 1/second -j LOG
 -A logdrop-1 -j DROP
+-A logdrop-2 -j DROP
 -A logpass-0 -m limit --limit 1/second -j LOG
 COMMIT
 *mangle
author	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2017-11-01 10:16:52 +0200
committer	Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>	2017-11-01 12:05:30 +0200
commit	54642b8230451b8bb5daf497332940cacdaae620 (patch)
tree	ef9566293f60faa528f09838ce97e6309320d9ef /test/output/tproxy/dump
parent	c5056f215d1a2aef5581bcf6213ae9eb7f984291 (diff)
download	awall-54642b8230451b8bb5daf497332940cacdaae620.tar.bz2 awall-54642b8230451b8bb5daf497332940cacdaae620.tar.xz